“We commend MCNC for taking the initiative to evidence that their control environment has been implemented successfully and is operating as intended.”—Juan Vargas, Assure Professional Senior IT Security Auditor
De Pere, WI (PRWEB)
August 03, 2017
MCNC—a technology nonprofit that builds, owns and operates the North Carolina Research and Education Network (NCREN) —has been examined by Assure Professional—a leading cybersecurity, assurance and compliance solutions provider—for the (SOC) 2 Type II attestation, by the standards established by the American Institute of Certified Public Accountants (AICPA). MCNC’s 5,000 square-foot data center located in Research Triangle Park, North Carolina is SOC 2 Type II compliant.
“We commend MCNC for taking the initiative to evidence that their control environment has been implemented successfully and is operating as intended,” said Juan Vargas, Assure Professional Senior IT Security Auditor. “It is admirable for a company to provide this assurance to their users.”
SOC 2 Type II compliance is designed for the burgeoning number of technology and cloud computing organizations and is based on Trust Services Principles (TSP): security, availability, processing integrity, confidentiality and privacy. Entities seeking this industry-leading certification go through a rigorous auditing process intended to maintain data security.
“MCNC recognizes the increasing importance of ensuring our services are secure and resilient in the face of cyber threats,” said Chris Beal, MCNC Chief Information Security Officer. “The SOC 2 Type II standard sets a clear bar for appropriate security and risk management practices, and then goes a step further to ensure the right controls are in place, signifying our commitment to operating a secure data center.”
To be SOC 2 Type II compliant, an independent auditor tests and reports, for a period of six months to a year, on the structure and operational soundness of a service organization’s controls, specifically related to IT and data center service providers. The certification not only accounts for a data center’s system and suitability of its design of controls as reported by the company, but also includes verification of an auditor’s opinion on the operating effectiveness of…